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^ . 1 Summary 



The conventional protection of information by cryptographical keys makes no 
sense if a key can be quickly discovered by an unauthorized person. This way of 
r — , penetration to the protected systems was made possible by a quantum comput- 

Q> ' ers in view of results of P.Shor ( |Sh| ) and L.Grover ( |Gr|| ). This work presents 

the method of protection of an information in a database from a spy even he 
O ; knows all about its control system and has a quantum computer, whereas a 

database can not distinguish between operations of spy and legal user. 
^ ' Such a database with quantum mechanical memory plays a role of proba- 

2 . bilistic oracle for some Boolean function / : it returns the value /(a) for a query 

'~ i' a of user in time 0{N'^ log n), after that restors its initial state also in this time, 

where N is cardinality of Domf. The software of database is independent of 

a function /. Classical state of such a database must contain the list of pairs 

k^ , (a, /(a)), a G Dom /, taken in some order. Quantum mechanical principles 

\^ • allow to mix all these lists with different orders and the same amplitude in one 

5^ , quantum state called normal, and perform all user's operations extracting /(a) 

only in states of such a sort. Now if somebody S tries to learn f{b) for b ^ a 
then this action so ruins the normal state that the legal user with high proba- 
bility will not obtain a pair of the form a, . . . and hence the presence of S will be 
detected. It is proved that for a spy the probability to learn f{b) asymptotically 
( when N — > oo ) does not acceed the probability of its exposure. 

Here advantage is taken of relative diffusion transforms (RDT), which make 
possible to fulfill all operations in normal states. Such transforms look like 



diffusion transforms applied by L.Grover in |Gi| but RDT are defined in a quite 
different manner. 

A classical database with property of such a sort is impossible. 



2 Introduction. The main definitions 

All known models of quantum computers: quantum Turing Machines ( look in 



[pel, |BV| ), quantum circuits (look in |Ya|) and quantum cellular automata 
(look in [|Wa| ) can simulate each ather with a polynomial slowdown and have 
the same computational power as classical computers. It is unknown is it possi- 
ble to simulate absolute (without oracles) quantum computations by a classical 
computer with a polynomial slowdown or not. Such a simulation is known only 



with exponential slowdown (look in |BV|). As for relativized (with oracles) 



computations, the classical simulation with a polynomial slowdown is impos- 



sible (look in |BB|) and there is much evidence that quantum computers are 



substantially more effective than any classical device (look in |DJ], [BB|, |3h|, 



To create databases we shall use the model of quantum computer with two 
parts: classical part, which transforms by classical lows (say as Turing Machine 
or cellular automaton), and quantum part which transforms by the quantum 
mechanical principles. We proceed with the exact definitions. 

Memory {quantum part). It is a set £ which elements are called qubits. £ 
may be designed as a discrete lattice: £ C Z^' or as a tree, etc. Each qubit takes 
values from the complex 1-dimensional sphere of radius 1: {zqO + zil \ zi, Z2 € 
C, |zoP + l^iP = !}• Here and 1 are referred as basic states of qubit and form 
the basis of C^ . It will be convenient to divide £ into registers of 2 neighboring 
qubits each so that each register takes values from oj = {0, 1, 2, 3}. 

A basic state of the quantum part is a function of the form e : £ — > {0, 1}. 
If we fix some order on £ — {i>i,i'2, ■ ■ ■ ,i^r} (f even), the basic state e may 
be encoded as \e{i^i) , e{v2) , ■ ■ ■ , &{vr))- Such a state can be naturally identified 
with the corresponding word in alphabet to. 

Let Co, ei, . . . , e^-i be all basic states, taken in some fixed order, Ti. be 
iiT-dimensional Hilbert space with orthonormal basis eg, ei, . . . , e^-i, 2*" ~ K . 
This Hilbert space can be regarded as tensor product TLi (^ 7^2 (S* ' ' ' (S* '^r of 2- 
dimensional spaces, where TLi is generated by the possible values of e(fi), TLi = 
C^. A (pure) state of quantum part is such element x G H that \x\ = 1. Thus, in 
contrast to classical devices, quantum device may be not only in basic states, but 
also in coherent states, and this imparts surprising properties to such devices. 

Put /C = {0, 1, . . . , X — 1}. For elements x — Yl XsCs, y ~ Yl ^J■ses € 

Ti their dot product ^ As /is is denoted by {x\y)^ where pL means complex 

conjugation of /i e C, hence {x\y) — {y\x) . 

Unitary transformations. Let {1, . . . ,r} = Ui=i -^f j Lfr\L'j=(l){i^ j), 
unitary transform Uf acts on (S'jgL^ Sj, then U'' = (^j^i Uf acts on H, s = 
1,2,..., M. We require that all f/* belong to some finite set of transformation 
independent of £ which can be easily performed by physical devices. 

A computation is a chain of such unitary transformations: 



Xo — > Xi — ' ■■■ — * XM- 

The passages U" — > [7"+^ s — 1, . . . ,AI and the value M are determined by 
the classical algorithm which points the partition IJ Li and chooses the transfor- 
mations C// sequentially for each s. This algorithm is performed by the classical 
part of computer. 

Observations. Let X — ^ ^s^s be some fix state of computer, often 

X = Xm- If^ G {0,1}'^ is the list of possible values for the first k qubits, then 
we put Ba = {i I 3afe+i,afe+2,.. .,ar e {0,1} : e, = Aa^+iafe+z . . . a^}. A 
(quantum) result of this observation is a new state x^ — X) ^^^i' where 

PA = X] -^f- The observation of the first register in state x is the procedure 

leBA 
which gives the pair: < classical word A , quantum state x > with probability 
PA for any possible A G {0, 1}'^. To receive such words A is the unique way for 
anybody to learn the result of quantum computations. 



3 Diffusion transform 



In this section we recollect some notions and ideas from the works [Gi| and 



[BBHT] 



Every unitary transformation U : Ti — » Ti can be represented by it's matrix 

U — (uij) where Uij = {U{ej)\ei) so that for x = ^ \epj U{x) ~ X '^'p^v ^^ 

peK peK 

have A' — UX, where A, A' are columns with elements Ap, A' respectively. The 



following significant diffusion transform D (introduced in [Gr|) is defined by 
D = -WRW-^, where M^ = C/i (g) t/2 (g) ... (g) C/r , each Ui acts on H, and has 
the matrix 

U/V2 -I/V2 J ' 

and R is the phase invertion of cq. For every state x — "^ XpCp an average 

pe/c 
amplitude is taken as Xav = X \/K- 

peK 



Proposition 1 (Grover , |Gr| ). For every state 



X 



{ep\x) - Xav = Xav " {ep\D{x)). (1) 

This means that D is the inversion about average. 

One step of Grover's algorithm is unitary transform G = DRt where Rt is 
phase rotation of some target state et ■ Proposition 1 implies that the amplitude 
of et grows approximately on 1/VA as a result of application of G to the state 

a;o = (eo + ei H h eK-l)/^/K. 



The following two notes about this algorithm have been done in the work 



[BBHT] 



1. If we have the set T of target states of cardinality |r| = K/A, then one 
step of so modified transform G makes all amplitudes of the states e ^ T equal 
to zero. 

2. Let W be any unitary transform satisfying W'{eQ) — -i= ^ e^. Then 

Proposition remains true if W' is taken instead of W in the definition of D. 

4 Relative diffusion transform 

In this section we introduce the generalization of diffusion transform - relative 
diffusion transform (RDT) which is the key notion for the construction of the 
control system for our database. 

In what follows for the set C = {0, 1, . . . , iV - 1}, N < K, C denotes 
{e, I 0<i<iV-l}. 

Fix the notation: xc = -^ X) ^i- Let M be unitary transformation of the 

form Ti — > Ti such that Af(eo) = xc- Such transform M is called C-mixing. 
We do not require that subspace, spanned by C" is M-invariant. 

Definition. RDT(i3) is the following transform: Dc = —MRM^^ where 
R is defined above, M is C-mixing. 

The following Lemma generalizes Proposition. 

Lemma 1 Dc does not change an amplitude fig of Cg if s ^ C and makes it 
^-^is tfseC,whereA= J2 t^s, N^\C\. 

Proof 

At first note that for every s € K. M^^{es) = Yl '^\^i^ '^1 = 1/v^ for any 

s e C and a° = for other s. Really, a° = (A/"i(es) | eq) = (e^ | Af(eo)) = 
l/yN in view of unitarity M . Now for a; = ^ iJ-s^s we have the following 

equations: 

= -M( E M. E <e^ - 2 E eo/ViV) 
seK ieK sec 

= -Et^ses + ^Y:t^s^i:e, 

sG/C sec jec 

= - E t^sCs + E ej(Tr ~ Aij)- ° 
s^c jec 

Corollary 1 Let C C /C, \C\ = N, T <Z C, \T\ = 7V/4, and M is C-mixmg. 
Then -MRoM-^Rrixc) = XT- 



It is readily seen that the applying of DcRt for \T\ — N/A doubles am- 
plitudes in states of the form xc, whereas Grover's algorithm increases them 
only on constant {0{1/\/K). Note that generally speaking, RDT(C) can not 



be realized on a quantum computer for arbitrary subset C <Z K, (look at [Oz| ). 
But in the next section we shall show how RDT can be realized in our specific 
case: for the databases. 



5 Realization of RDT on quantum computer. 
Control system for the database 

Let / be a function of the form: {0, 1}" — > {0, 1}". A presentation of / is a 
basic state of the form 

ao,/(ao),ai,/(ai),.. .,aAr_i,/(a7v^i),7i,72,-- ■ , where ao, ai, . . . , aat^i 
are all different strings from {0, 1}" taken in some order, N = 2", 

7 = (71, 72, • ■ • ,72nAr) are values of ancillary qubits. There are M — N\ 
forms of presentations different only in ancillary qubits, we denote them by 
Pq, Pi , . . . , Pji-n where Pq corresponds to the lexicographic order on {0, 1}". 
Notation: Pi — Oq, /(oq), . . ., we shall omitt 7 = in notations. A string 
Ba = (a, /(a)) is called block. Put 7W = {0, 1, . . . , M - 1}. 

Control system, of the database consists of the following two parts: 

Preparation of the main state This is a unitary transformation 

Extracting and restoring procedures Given a query a an extracting 
procedure consists of two parts: 
1. Unitary transform 



Ex : x^^ Xa "= ...^_ E ^" 



def 



ieC(a) 



where C(a) = {i \ a\^ — a}. 

2. Following observation of the first 2n qubits. This observation gives the 
required information a, /(a) with certainty and does not change the observed 
state because Xa has the form |a, /(a)) Xa- 

The restoring procedure is (Ex)^^ which gives again xo and the database is 
ready for the following query. 

We shall describe only Ex because the main state can be prepared along 
similar lines. If a = o'icr2 • • ■ o'n/2 is some query to the database, all ai € 
uj, then Cj denotes the set of all basic states of the form Pj where Oq = 
(Ticr2 . . . (Tj(5j+i^j+2 . • ■ <5„/2j all 5k G UJ, n even. Given some RDT(Cj): Dj , 
the sequential apphcation of DjRc^^^ for j' = 1, 2, . . . , 2: — 1 results in Xa in 



view of Corollary. Now to complete the construction of Ex it would suffice 
to realize some Cj-mixing transform Mj on a quantum computer. Mj will be 
constructed in 3 steps. Here we can not apply Walsh -Hadamard transform like 



in the work [Gi] because Pj do not exhauste all basic states of Ti. 

Step 1. Given ep = -Po = Bq, Bi, . . . , Sat-i, 0, 0, . . . , 0, at first we create 
the state £_ = \ Bq, . . . , B^-i) (g) XHo XHn-i XHn-2 XHi , where Hi = 
{0, 1, ...,;- 1} if / ^ and i/o = {0,1,..., 2"-2i}. xhis can be done by 
independent applying to the ancillary registers the transformations |0) — > xhi 



built by A.Kitaev in the work |Ki 



Given a pair of sequences i — io,«i, . . . ,*Af-i; r = ro,ri, . . . ,rAr_i, where 
rs e Hn^s s = 1, . . . ,N ~ 1, To e Hf), we define the pair of sequences: 
ko,ki, . . . ,ks; /i^^]^, . . . , ft.^_]^ by induction on s, where ki, hf depend on i 
and f. 

Basis, s — 0. ko — js, h\, . . . , /i^z-i i^ obtained from i by deleting of jV-o- 

Step, s > 0. All fco,...,fcs_i are already defined. Put kg — /i^+r, > the 
new sequence /ig+i, . . . , h^j^_-^ is obtained from h^^^ , . . . , h'^j^_^ by deleting of 
ks. Denote 0, 1, . . . , iV - 1 by I, 0, 0, . . . , by 0. 

Let T = 2""2^, ji < J2 < ■ ■ ■ < JT, Bj^,bj2, . . . , Bj^ be all blocks from Cj. 

Step 2. It is the chain of classical transformations (with unitary matrices 
containing only ones and zeroes): ^ — > ^q — > . . . ^jv-i, where 

Cs = Bk„,Bki, ■ . . ,Bk^_i,B,^s-i,Bf^s-^ ,Po, ■ • • ,Ps-i,rs, . . . ,rN-i- 

A. Passage ^ — > ^o- It is the replacement of tq by the number q such that 
iq = jrg , where irg = jt ■ This can be done in view of that the mapping q — > jq 
is reversible. 

B. Passage ^s — *■ Cs+i, s = 0,1, ... ,N — 2. We find the block Bk^ and 
establish it immediately after Bk^_^, the order of all other blocks remains un- 
changed. In view of the definition of kg this can be done by means of clas- 
sical unitary transform independently of the contents of blocks. Replacement 
Ts — *■ Ps ensure the reversibility, e.g. unitarity of this transformation. 

Step 3 (Optional). Transform ps{i,f) — > ps{i,f) — ps{l,Q), 

s — 0, 1,...,7V— 1 results in zeroes in ancillary qubits if an initial state 
is Pq. These steps been applied to Pq give any states from Cj with the same 
amplitudes, therefore they give Xa- ^ 

More detailed analysis gives that steps 1-3 take the time 0{N'^ log N + 
T{N)) on a quantum Turing Machine where T{N) is the time required for 
the Step 1 when precision is fixed. Hence the procedure Ex takes the time 
0{{N^ log^ N + T{N)) log TV). 

We have described the procedure of extracting a, f{a). The reverse prosedure 
restores the main state of the database. The main state xo can be prepared along 
similar lines which takes 0{N^ log^ N + NT{N) log TV) time. 

Note that the observation of the first block described above gives a, f{a) 
only in ideal case, e.g. if the following effects can be neglected. 



1. Precision of transformations is not absolute, especially for the procedures 
in Step 1. 

2. Presence of noice: spontaneous transformations of the forms: — > 
1, — > —0, which touch sufficiently small part of each block Bi. 

3. Unauthorized actions. Some actions with the database with the aim to 
learn a value f{b) when the control system works at the query a ^ b. We now 
turn to the point 3. In the last section we shall briefly run through the point 2. 

6 Protection of information against unauthorized 
actions 

We presume that the aim of such actions is to learn f{b) for b ^ a with high 
probability p and some g blocs are inaccessible for these actions, the first block 
(where control system observes the result) is among them. To do this would 
require to deal with Np blocks of memory because values f{b) are distributed 
among all blocks but the first with the same probability at any instant of time. 
We shall regard the following scenario. Let somebody S (say, spy) be 
equipped with a quantum computer with its own memory. When our database 
is in state xc when working on a query a S fulfills the following: 

a) observes any Np accessible blocks of our database at one instant of time, 
then 

b) fulfills unitary transforms with the accessible part of the database and a 
memory his computer with the aim to cover up all traces of his observations. 

After that the control system continues its work as usually. Denote by Pex 
the probability of that the control system will not receive the word of the form 
a, A when observing the first block (exposure of S). 

Theorem 1 There exists a function a{g, N) such that Ve > 3g : a(g, N) > 
1 — £ iV = 1, 2, . . . with the following property. For every choise of the block 
observed by S and his unitary transformations 

Pex > pot. 

Sketch of the proof 

The memory of computer used by S can be considered as ancillary part of 
memory in our database. 

We shall write x^^ Ri instead of XCi, Rd- Denote by Qo the state af- 
ter unauthorized action with the state Xj- Then the control system performs 
sequentially transformations Di^jRi^j^i, i — 1,2, ... , t — j — 1, t ~ n/2, we de- 
note by Qi+i its results: Qi+i = Di^jRi^j^i{Qi) and put e = (Qq \ Xj)- In view 
of unitarity of all transformations at hand Vi = \, . . . ,t — j — 1 {Qi \ Xi+j) = ^• 
Denote by Ssuc the set of such basic states, that the first block has the form 



a, A for some A. For any final state Qt-j-i the probability to expose S is 
1- E \{e\Qt-,-i)\^. We have: 



eeSs^a 



1 - Pe^ = pPl + {1 ~ p)P2, 



where Pi (P2 ) is the probability that the control system receives a,^ on con- 
dition that the block a, /(a) was observed by S, (was not observed by S respec- 
tively). 

Case 1). The block a, f{a) was observed by S 

Let L, = (A^-l)!2*~(*+^) be the cardinality of C,. Denote by gf^ the average 
amplitude of all basic states from Ci+j when database is in state Qi . We thus 
have Iqf'"] < \e\l\fl7i. Let 5„orm and 83 denote absolute growth of average 
amplitudes among basic Ct -states in cases without S and with S respectively. 
It follows from Lemma that ^norm > s^s and in state Qt-j-i all basic states 
from Ssuc with nonzero amplitudes contain in Ct- Therefore Pi < jep. 

Case 2). The block a, f{a) was not observed by S. 

Here we rouphly estimate P2 < i- Joining these cases we conclude that 
1 — Pex > P£^ + l—p. At last, in view of assumed conditions e can be estimated 
as |£| < 2{l-p)s . a 

7 Error correcting procedure for the database 

A random error in the database is a transformations on the basic states induced 
by changes of qubits values of the forms — > 1 or vise versa and changes 
of phases — > —0 or 1 — > —1, touching only small part of the qubits in 
each block of memory. Note that the phase errors : — > —1, 1 — > —1 can 



be reduced to the changes of values as it is shown in the work |CS| . Error 
correcting codes (ECC) is the conventional tool to correct errors of such a sort. 
Let each block contains n qubits. 

Encoding is an injection of the form : E : {0, 1}" — » {0, 1}"% where ni > n. 

n 

If Wn{A) — "^ Ui is Hamming weight of the word A = 0102 . . . a„ G {0, 1}", the 

4=1 

distance between two such words A, B is dn{A, B) = Wn{A^B) where 
denotes a bitwise addition modulo 2. Put d(E) = min d,u(E(A),E(B)). 

^ ' A,i3e{0,l}" 

Then if for some A! ,B' £ {0, l}"i B' e Im(E) dni(A',B') < d(E)/2 then 
such B' is defined for A' uniquely and we obtain the partial functions A' — > 
B' — > E-^{B') = A e {0, 1}". Their superposition V : A' — > A is called 
decoding procedure for encoding E. V corrects < d{E)/2 errors occured in 
encoding words B' . This procedure is essentially classical because the mapping 
A' — > B' is not reversible. But if we use additional registers consisting of 
ancillary qubits and denote by 7 its contents we can regard a reversible function 
A' — > B', "/{A') — > E-'^{B'),"f{A') instead of classical decoding and fulfill 



this procedure on quantum computer. The work ]CS[ also proposed simple and 
convenient quantum linear codes. 

ECC can be used in course of computations to correct errors which occure 
randomly as a result of noise. The size of ancillary register thus is the bigger 
the time of computation is longer. The paper [ |AB( | presents error correcting 
procedure which correct errors with constant rate repeatedly in course of com- 
puting and requires the size of ancillary registers polylogarithmical on the time 
of computing. This error correcting procedure can be applied to our database 
which results in basic states of the form E(ei), 7^ instead of e^ considered below, 
here all properties of the database will remain unchanged. 
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